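/**
 * Attempt an interactive login and, on failure, send the browser back to the
 * page the login form came from.
 *
 * Authentication is delegated to ldap_authenticate() when LOGIN_METHOD is
 * 'LDAP' and to auth_does_password_match() otherwise; on success auth_login()
 * is asked to establish the session. Whether a session really exists is then
 * read back through session_getLogged_in(), which is the only thing that
 * decides between "logged in" and "redirect with INVALID_LOGIN".
 *
 * The failure redirect target is taken from $_POST['login']['page'] and
 * $_POST['login']['get'], i.e. it is attacker controlled. It is therefore
 * restricted to a local, relative path (no URL scheme, no protocol-relative
 * '//host' prefix) before being handed to error_report_show(); anything else
 * falls back to home_page.php.
 *
 * @param string $username Login name from the form.
 * @param string $password Clear-text password from the form.
 * @return void
 */
function auth_attempt_login($username = "", $password = "") {
    $login_method = LOGIN_METHOD;

    $authenticated = ($login_method == 'LDAP')
        ? ldap_authenticate($username, $password)
        : auth_does_password_match($username, $password);

    if ($authenticated) {
        # user successfully authenticated, proceed with login
        auth_login($username);
    }

    # auth_login() is the authority on whether we ended up logged in
    if (session_getLogged_in()) {
        return;
    }

    # login failed: redirect back to the page where the user tried to login.
    # Read the POST fields defensively so a missing key is not a notice.
    $redirect_page = isset($_POST['login']['page']) ? $_POST['login']['page'] : '';
    $redirect_page_get = isset($_POST['login']['get']) ? $_POST['login']['get'] : '';

    # Only a relative, local target is accepted: reject 'scheme:' prefixes
    # (http://, javascript:, ...) and protocol-relative '//host' or '\\host',
    # which browsers normalise to an external host. This closes the open
    # redirect that forwarding the raw POST value would otherwise create.
    $is_local = !empty($redirect_page)
        && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $redirect_page)
        && !preg_match('#^[/\\\\]{2}#', $redirect_page);

    # redirect to the appropriate page
    if (!$is_local) {
        error_report_show("home_page.php?", INVALID_LOGIN);
    } else {
        error_report_show($redirect_page . "?" . $redirect_page_get, INVALID_LOGIN);
    }
}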
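/**
 * Authorization function: verifies login & password against the local user
 * table and, on success, sets the user session data.
 *
 * @param object $db    Database handle (by reference, as elsewhere in this code base).
 * @param string $login Login name submitted by the user.
 * @param string $pwd   Clear-text password submitted by the user.
 * @return array map with keys
 *               'status' => tl::OK on success, tl::ERROR otherwise;
 *               'msg'    => HTML message when a session already exists in
 *                           this browser, null otherwise.
 */
function doAuthorize(&$db, $login, $pwd) {
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    if (is_null($pwd) || is_null($login)) {
        return $result;
    }

    $user = new tlUser();
    $user->login = $login;
    $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
    if (!$login_exists) {
        // NOTE(review): attempts against unknown login names are not written to
        // the audit log here; only failures for existing accounts are (below).
        return $result;
    }

    $password_check = auth_does_password_match($user, $pwd);
    if (!$password_check->status_ok || !$user->isActive) {
        logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        return $result;
    }

    // 20051007 MHT Solved 0000024 Session confusion
    // Disallow two sessions within one browser
    if (isset($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        return $result;
    }

    // The session is about to go from anonymous to authenticated: issue a
    // fresh session id so an id planted before login cannot be promoted
    // along with it (session fixation). $_SESSION contents are preserved.
    // NOTE(review): if anything elsewhere is keyed on the pre-login session
    // id, confirm it is updated too.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // Setting user's session information
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();
    setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
    $result['status'] = tl::OK;

    return $result;
}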
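/**
 * Authorization function: verifies login & password against the local user
 * table and, on success, sets the user session data and the auth cookie.
 *
 * @param object $db    Database handle (by reference, as elsewhere in this code base).
 * @param string $login Login name submitted by the user.
 * @param string $pwd   Clear-text password submitted by the user.
 * @return array map with keys
 *               'status' => tl::OK on success, tl::ERROR otherwise;
 *               'msg'    => the password checker's message on a failed check,
 *                           an HTML message when a session already exists in
 *                           this browser, null otherwise.
 */
function doAuthorize(&$db, $login, $pwd) {
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    if (is_null($pwd) || is_null($login)) {
        return $result;
    }

    $user = new tlUser();
    $user->login = $login;
    $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;
    if (!$login_exists) {
        // NOTE(review): attempts against unknown login names are not written to
        // the audit log here; only failures for existing accounts are (below).
        return $result;
    }

    $check = auth_does_password_match($user, $pwd);
    if (!$check->status_ok) {
        // pass whatever message the checker produced back to the caller
        $result['msg'] = $check->msg;
    }

    if (!$check->status_ok || !$user->isActive) {
        logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
        return $result;
    }

    // Need to do set COOKIE following Mantis model.
    // This cookie carries an authentication token, so keep it out of reach of
    // script (HttpOnly) and, when this request arrived over TLS, mark it
    // Secure so it is never sent back over plain HTTP. Expiry 0 means the
    // cookie is discarded when the browser closes (unchanged behaviour).
    $auth_cookie_name = config_get('auth_cookie');
    $expireOnBrowserClose = 0;
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie($auth_cookie_name, $user->getSecurityCookie(), $expireOnBrowserClose, '/', '', $secure, true);

    // Disallow two sessions within one browser
    if (isset($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        return $result;
    }

    // The session is about to go from anonymous to authenticated: issue a
    // fresh session id so an id planted before login cannot be promoted
    // along with it (session fixation). $_SESSION contents are preserved.
    // NOTE(review): if anything elsewhere is keyed on the pre-login session
    // id, confirm it is updated too.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // Setting user's session information
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();
    $user->setUserSession($db);
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();
    $result['status'] = tl::OK;

    return $result;
}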
# ---- tail of the login error box; its opening markup and the enclosing
# ---- block closed by the stray '}' below are above this excerpt.
if ($f_error) {
    echo '<li>' . lang_get('login_error') . '</li>';
}
if ($f_cookie_error) {
    echo '<li>' . lang_get('login_cookies_disabled') . '</li>';
}
echo '</ul>';
echo '</div>';
}

$t_warnings = array();
$t_upgrade_required = false;

# Administrative self-checks run only while the 'admin_checks' option is ON
# and the /admin directory is still deployed next to this script.
if (config_get_global('admin_checks') == ON && file_exists(dirname(__FILE__) . '/admin')) {
    # Generate a warning if default user administrator/root is valid.
    # This performs the real password check against the literal default
    # 'root', so it flags an installation credential that was never changed,
    # not merely the existence of the 'administrator' account.
    $t_admin_user_id = user_get_id_by_name('administrator');
    if ($t_admin_user_id !== false) {
        if (user_is_enabled($t_admin_user_id) && auth_does_password_match($t_admin_user_id, 'root')) {
            $t_warnings[] = lang_get('warning_default_administrator_account_present');
        }
    }

    /**
     * Display Warnings for enabled debugging / developer settings
     *
     * Builds one warning string from three language entries: the
     * "change setting" template filled with the setting name and value,
     * the word separator, and the hazard text selected by $p_type.
     *
     * @param string $p_type Message Type (selects the "warning_{type}_hazard" language entry).
     * @param string $p_setting Setting.
     * @param string $p_value Value.
     * @return string
     */
    function debug_setting_message($p_type, $p_setting, $p_value) {
        return sprintf(lang_get('warning_change_setting'), $p_setting, $p_value) . sprintf(lang_get('word_separator')) . sprintf(lang_get("warning_{$p_type}_hazard"));
    }

    # first of the developer settings to be checked; the check itself follows
    # after this excerpt
    $t_config = 'show_detailed_errors';
# closes a block that starts above this excerpt
}

# strip extra spaces from real name
$t_realname = string_normalize($f_realname);
if ($t_realname != user_get_field($t_user_id, 'realname')) {
    # checks for problems with realnames
    $t_username = user_get_field($t_user_id, 'username');
    user_ensure_realname_unique($t_username, $t_realname);
    user_set_realname($t_user_id, $t_realname);
    $t_realname_updated = true;
}

# Update password if the two match and are not empty
if (!is_blank($f_password)) {
    # NOTE(review): loose '!=' on strings. PHP compares two numeric-looking
    # strings numerically ('1e3' == '1000', '0x1A' style values vary by
    # version), so a pair of such passwords that differ as text would pass
    # this mismatch check. '!==' is the safe comparison for credentials.
    if ($f_password != $f_password_confirm) {
        # presumably aborts the page at ERROR severity, so nothing below
        # runs for a mismatch -- confirm against trigger_error's handler
        trigger_error(ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR);
    } else {
        # only rewrite the stored hash when the password actually changed;
        # an unchanged password neither re-hashes nor reports "updated"
        if (!auth_does_password_match($t_user_id, $f_password)) {
            user_set_password($t_user_id, $f_password);
            $t_password_updated = true;
        }
    }
}

# invalidates the form token for this action once the update is done
# (presumably the CSRF token issued with the form -- verify)
form_security_purge('account_update');
html_page_top(null, $t_redirect);
echo '<br /><div align="center">';
if ($t_email_updated) {
    echo lang_get('email_updated') . '<br />';
}
if ($t_password_updated) {
    echo lang_get('password_updated') . '<br />';
}
# the body of this block continues after this excerpt
if ($t_realname_updated) {
/**
 * Allows scripts to login using a login name or ( login name + password ).
 *
 * When $p_password is null the password is NOT checked at all: the caller
 * is vouching for the identity (e.g. a pre-authenticated feed/verify flow).
 * Never pass null for a password that came from an untrusted client; pass
 * the supplied string so it is verified by auth_does_password_match().
 *
 * On success the user's cookie string is placed in $g_script_login_cookie
 * and the id is cached in $g_cache_current_user_id. The login count is
 * deliberately not incremented for script logins.
 *
 * @param string $p_username username
 * @param string $p_password password, or null to skip password validation
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login($p_username, $p_password = null) {
    global $g_script_login_cookie, $g_cache_current_user_id;

    $t_id = user_get_id_by_name($p_username);
    if ($t_id === false) {
        # unknown login name
        return false;
    }

    $t_row = user_get_row($t_id);

    # a disabled account never logs in, whatever the password
    if ($t_row['enabled'] == OFF) {
        return false;
    }

    # validate password only when one was supplied (see header comment)
    $t_must_check_password = ($p_password !== null);
    if ($t_must_check_password && !auth_does_password_match($t_id, $p_password)) {
        return false;
    }

    # ok, we're good to login now.
    # With cases like RSS feeds and MantisConnect there is a login per
    # operation, hence there is no real significance of incrementing the
    # login count, so user_increment_login_count() is intentionally skipped.

    # set the cookies
    $g_script_login_cookie = $t_row['cookie_string'];

    # cache user id for future reference
    $g_cache_current_user_id = $t_id;

    return true;
}
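/**
 * Authorization function: verifies login & password and sets user session data.
 *
 * Two paths lead to a login:
 *  - the login exists locally: auth_does_password_match() decides, and the
 *    account must be active;
 *  - the login does not exist and 'ldap_automatic_user_creation' is enabled:
 *    the password is checked against LDAP and, if accepted, a local user row
 *    is created from the LDAP attributes and then logged in.
 *
 * We need an option to skip the existent-session block, in order to use the
 * feature that requires login when the session has expired and the user has
 * some unsaved data (ajaxlogin on login.php page).
 *
 * @param object $db      Database handle (by reference, as elsewhere in this code base).
 * @param string $login   Login name submitted by the user.
 * @param string $pwd     Clear-text password submitted by the user.
 * @param array  $options optional; 'doSessionExistsCheck' => bool (default true).
 * @return array map with keys
 *               'status' => tl::OK on success, tl::ERROR otherwise;
 *               'msg'    => HTML message when a session already exists in
 *                           this browser, null otherwise.
 */
function doAuthorize(&$db, $login, $pwd, $options = null) {
    global $g_tlLogger;

    $result = array('status' => tl::ERROR, 'msg' => null);
    $_SESSION['locale'] = TL_DEFAULT_LOCALE;

    $my['options'] = array('doSessionExistsCheck' => true);
    $my['options'] = array_merge($my['options'], (array) $options);

    $doLogin = false;
    if (!is_null($pwd) && !is_null($login)) {
        $user = new tlUser();
        $user->login = $login;
        $login_exists = $user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) >= tl::OK;

        if ($login_exists) {
            $password_check = auth_does_password_match($user, $pwd);
            $doLogin = $password_check->status_ok && $user->isActive;
            if (!$doLogin) {
                logAuditEvent(TLS("audit_login_failed", $login, $_SERVER['REMOTE_ADDR']), "LOGIN_FAILED", $user->dbID, "users");
            }
        } else {
            $authCfg = config_get('authentication');
            if (!empty($authCfg['ldap_automatic_user_creation'])) {
                $user->authentication = 'LDAP'; // force for auth_does_password_match
                $check = auth_does_password_match($user, $pwd);
                if ($check->status_ok) {
                    $user = new tlUser();
                    $user->login = $login;
                    $user->authentication = 'LDAP';
                    $user->isActive = true;
                    // write password on DB anyway.
                    // NOTE(review): this persists a copy of the directory
                    // password in the application database. It will keep
                    // verifying locally even after the directory password is
                    // changed or the account is disabled in LDAP, should this
                    // user's authentication ever be switched away from LDAP.
                    // Confirm a non-empty password column is really required.
                    $user->setPassword($pwd);
                    $user->emailAddress = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_email_field']));
                    $user->firstName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_firstname_field']));
                    $user->lastName = ldap_get_field_from_username($user->login, strtolower($authCfg['ldap_surname_field']));
                    // fall back to the login name when LDAP has no name attributes
                    if (is_null($user->firstName) || strlen($user->firstName) == 0) {
                        $user->firstName = $login;
                    }
                    if (is_null($user->lastName) || strlen($user->lastName) == 0) {
                        $user->lastName = $login;
                    }
                    $doLogin = $user->writeToDB($db) == tl::OK;
                }
            }
            // NOTE(review): a failed LDAP bind or a disabled auto-creation is
            // not audit-logged on this path.
        }
    }

    if (!$doLogin) {
        return $result;
    }

    // After some tests, seems that re-reading is best option: the session
    // gets the row as stored (ids, role, locale) rather than the in-memory
    // object. Refuse to log in on a user we could not read back.
    $user = new tlUser();
    $user->login = $login;
    if ($user->readFromDB($db, tlUser::USER_O_SEARCH_BYLOGIN) < tl::OK) {
        return $result;
    }

    // Need to do set COOKIE following Mantis model.
    // This cookie carries an authentication token, so keep it out of reach of
    // script (HttpOnly) and, when this request arrived over TLS, mark it
    // Secure so it is never sent back over plain HTTP. Expiry 0 means the
    // cookie is discarded when the browser closes (unchanged behaviour).
    $auth_cookie_name = config_get('auth_cookie');
    $expireOnBrowserClose = 0;
    $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
    setcookie($auth_cookie_name, $user->getSecurityCookie(), $expireOnBrowserClose, '/', '', $secure, true);

    // Disallow two sessions within one browser
    if ($my['options']['doSessionExistsCheck'] && isset($_SESSION['currentUser'])) {
        $result['msg'] = lang_get('login_msg_session_exists1') . ' <a style="color:white;" href="logout.php">' . lang_get('logout_link') . '</a>' . lang_get('login_msg_session_exists2');
        return $result;
    }

    // The session is about to go from anonymous to authenticated: issue a
    // fresh session id so an id planted before login cannot be promoted
    // along with it (session fixation). $_SESSION contents are preserved.
    // NOTE(review): if anything elsewhere is keyed on the pre-login session
    // id, confirm it is updated too.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    // Setting user's session information
    $_SESSION['currentUser'] = $user;
    $_SESSION['lastActivity'] = time();
    $g_tlLogger->endTransaction();
    $g_tlLogger->startTransaction();
    setUserSession($db, $user->login, $user->dbID, $user->globalRoleID, $user->emailAddress, $user->locale, null);
    $result['status'] = tl::OK;

    return $result;
}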
# must already hold a session; $t_account_verification is set above this excerpt
auth_ensure_user_authenticated();
# step-up: ask for the password again before showing account settings,
# except when the user arrived through an account-verification flow
if (!$t_account_verification) {
    auth_reauthenticate();
}
# protected (e.g. externally managed) accounts may not be edited here
current_user_ensure_unprotected();
html_page_top(lang_get('account_link'));

# extracts the user information for the currently logged in user
# and prefixes it with u_  (every column of the row becomes $u_<column>;
# the prefix keeps the row from overwriting the $t_ locals of this page)
$t_row = user_get_row(auth_get_current_user_id());
extract($t_row, EXTR_PREFIX_ALL, 'u');
$t_ldap = LDAP == config_get('login_method');

# In case we're using LDAP to get the email address... this will pull out
# that version instead of the one in the DB
$u_email = user_get_email($u_id);

# If the password is the default password, then prompt user to change it.
# This is a real password check against the literal install default 'root'
# for the 'administrator' account only.
$t_reset_password = $u_username == 'administrator' && auth_does_password_match($u_id, 'root');

# note if we are being included by a script of a different name, if so,
# this is a mandatory password change request
$t_verify = is_page_name('verify.php');
$t_force_pw_reset = false;
if ($t_verify || $t_reset_password) {
    # a custom function may forbid password changes (e.g. external auth)
    $t_can_change_password = helper_call_custom_function('auth_can_change_password', array());
    echo '<div id="reset-passwd-msg" class="important-msg">';
    echo '<ul>';
    if ($t_verify) {
        echo '<li>' . lang_get('verify_warning') . '</li>';
        if ($t_can_change_password) {
            echo '<li>' . lang_get('verify_change_password') . '</li>';
            $t_force_pw_reset = true;
        }
    # the default-password branch continues after this excerpt
    } else {
/**
 * Allows scripts to login using a login name or ( login name + password ).
 *
 * There are multiple scenarios where this is used:
 * - Anonymous login (blank username supplied).
 * - Anonymous login with anonymous user name specified.
 * - Anonymous login with account not existing or disabled.
 * - Pre-authenticated user via some secret hash from email verify or rss feed, where username
 *   is specified but password is null.
 * - Standard authentication with username and password specified.
 *
 * A null password means "do not verify the password at all", so callers must
 * only pass null when they have authenticated the user by other means.
 * For the anonymous account the password is forced to null here, i.e. the
 * anonymous account is never password-checked.
 *
 * @param string $p_username Username.
 * @param string $p_password Password.
 * @return boolean indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login($p_username, $p_password = null) {
    global $g_script_login_cookie;

    $t_login = $p_username;
    $t_secret = $p_password;

    # the anonymous account name is only meaningful while anonymous login is ON
    $t_anon_allowed = config_get('allow_anonymous_login');
    $t_anonymous_account = ($t_anon_allowed == ON) ? config_get('anonymous_account') : '';

    # if no user name supplied, then attempt to login as anonymous user.
    $t_wants_anonymous = is_blank($t_login) || strcasecmp($t_login, $t_anonymous_account) == 0;
    if ($t_wants_anonymous) {
        if ($t_anon_allowed == OFF) {
            return false;
        }
        $t_login = $t_anonymous_account;
        # do not use password validation.
        $t_secret = null;
    }

    $t_user_id = auth_get_user_id_from_login_name($t_login);
    if ($t_user_id === false) {
        # note: the original, not the possibly-nulled, password is handed to
        # auto-creation -- presumably so a new non-anonymous account is created
        # with the credential the caller supplied; verify against that helper.
        $t_user_id = auth_auto_create_user($t_login, $p_password);
        if ($t_user_id === false) {
            return false;
        }
    }

    $t_user = user_get_row($t_user_id);

    # check for disabled account
    if ($t_user['enabled'] == OFF) {
        return false;
    }

    # validate password if supplied
    if ($t_secret !== null && !auth_does_password_match($t_user_id, $t_secret)) {
        return false;
    }

    # ok, we're good to login now.
    # With cases like RSS feeds and MantisConnect there is a login per
    # operation, hence there is no real significance of incrementing the
    # login count, so user_increment_login_count() is intentionally skipped.

    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];

    # cache user id for future reference
    current_user_set($t_user_id);

    return true;
}
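/**
 * Allows scripts to login using a login name or ( login name + password ).
 *
 * When $p_password is null the password is NOT checked at all: the caller
 * is vouching for the identity. Never pass null for a password that came
 * from an untrusted client.
 *
 * On success the user's cookie string is placed in $g_script_login_cookie,
 * the id is cached in $g_cache_current_user_id and the login count is
 * incremented.
 *
 * @param string $p_username username
 * @param string $p_password password, or null to skip password validation
 * @return bool indicates if authentication was successful
 * @access public
 */
function auth_attempt_script_login($p_username, $p_password = null) {
    global $g_script_login_cookie, $g_cache_current_user_id;

    $t_user_id = user_get_id_by_name($p_username);

    # Unknown login name: stop here instead of handing `false` to
    # user_get_row() as if it were a user id.
    if (false === $t_user_id) {
        return false;
    }

    $t_user = user_get_row($t_user_id);

    # check for disabled account
    if (OFF == $t_user['enabled']) {
        return false;
    }

    # validate password if supplied (see header comment about null)
    if (null !== $p_password) {
        if (!auth_does_password_match($t_user_id, $p_password)) {
            return false;
        }
    }

    # ok, we're good to login now

    # increment login count
    user_increment_login_count($t_user_id);

    # set the cookies
    $g_script_login_cookie = $t_user['cookie_string'];

    # cache user id for future reference
    $g_cache_current_user_id = $t_user_id;

    return true;
}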